[arch-commits] Commit in hplip/trunk (2 files)

Andreas Radke andyrtr at gemini.archlinux.org
Sat Mar 12 20:17:59 UTC 2022 

    Date: Saturday, March 12, 2022 @ 20:17:58
  Author: andyrtr
Revision: 439478

upgpkg: hplip 1:3.22.2-2: fix possible stack buffer overflows - FS#48112

Added:
  hplip/trunk/0024-fix-possible-stack-buffer.overflows.patch
Modified:
  hplip/trunk/PKGBUILD

------------------------------------------------+
 0024-fix-possible-stack-buffer.overflows.patch |   11 +++++++++++
 PKGBUILD                                       |    6 +++++-
 2 files changed, 16 insertions(+), 1 deletion(-)

Added: 0024-fix-possible-stack-buffer.overflows.patch
===================================================================
--- 0024-fix-possible-stack-buffer.overflows.patch	                        (rev 0)
+++ 0024-fix-possible-stack-buffer.overflows.patch	2022-03-12 20:17:58 UTC (rev 439478)
@@ -0,0 +1,11 @@
+--- hplip-3.22.2/scan/sane/bb_ledm.c	2022-02-23 08:41:05.000000000 +0100
++++ hplip-3.22.2/scan/sane/bb_ledm.c.new	2022-03-12 21:10:05.818054984 +0100
+@@ -1015,7 +1015,7 @@
+   c +=11;
+   char BinaryURL[30];
+   i = 0;
+-  while(*c != '<')
++  while(*c != '<' && i < 29)
+   {
+      BinaryURL[i++] = *c ;
+      c++;

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2022-03-12 17:47:44 UTC (rev 439477)
+++ PKGBUILD	2022-03-12 20:17:58 UTC (rev 439478)
@@ -5,7 +5,7 @@
 
 pkgname=hplip
 pkgver=3.22.2
-pkgrel=1
+pkgrel=2
 epoch=1
 pkgdesc="Drivers for HP DeskJet, OfficeJet, Photosmart, Business Inkjet and some LaserJet"
 arch=('x86_64')
@@ -28,6 +28,7 @@
         disable_upgrade.patch
         0022-Add-include-cups-ppd.h-in-various-places-as-CUPS-2.2.patch
         0023-Fix-handling-of-unicode-filenames-in-sixext.py.patch
+        0024-fix-possible-stack-buffer.overflows.patch
         # use the one from Fedora
         hplip-configure-python.patch
         python3.diff
@@ -37,6 +38,7 @@
             'ee0bd240568a7dbb4dc6ef64dba28ea84c4bedf7d688d054960c686666f8f0bc4562961c40845107ef0c936e60d3e676bffb2a1ba708039690bb0520cda3a525'
             '22aeb5b851f78bc6bc62e0bc3da99fecaf42d7604af41e2f3343f8d3666541f7b06b7d1a7d0ddf24f1731ac7b12dfe582375a98e3b94dfa323d6ce954549ca67'
             '763949a0bc460dcc9faefc86f2a91cf342781bfce696ed0c3826758572dd03ac266bbeb7b6a4f9376ac298d7d3c9c4def42d94921a8e1d1695e39396e36d95ff'
+            '460f4447faf688981bafebda71b0f144e662368ad87e944cb01834750ae133b1aad2a1c50e6ee168adf972cfe04ca0857da6ff1124d176f93c342f2a1273b962'
             '089c102357ea5fd55d81ae76aaff62713f780fd84500c3b92ecd6b2bb11ccdc3a162978548e9a5f9e98a8354a5be3997e416c52daa18eda4621ed79a29d6fea8'
             'b8a4c860e90a52ec566ca5a9c7f3a5ecb7386ae76e17b2c6c878073e60eeaf0cb63883b740b4725794be9914e1ab8fc91313efb288395f3095f599c07f54cf14'
             '7bad907228b7c2f3c43128f087a2f8e03778760b7a26179ff441c1f60127e2fca08c94dff76baea2469d3a253a8f46b285d0af0f62a6d8738926caf7a10f670b')
@@ -51,6 +53,8 @@
  patch -Np1 -i "${srcdir}"/0022-Add-include-cups-ppd.h-in-various-places-as-CUPS-2.2.patch
  # fix some handling unicode file names FS#58412
  patch -Np1 -i "${srcdir}"/0023-Fix-handling-of-unicode-filenames-in-sixext.py.patch
+ # address possible stack buffer overflows - FS#48112 / https://bugs.launchpad.net/hplip/+bug/1544099
+ patch -Np1 -i "${srcdir}"/0024-fix-possible-stack-buffer.overflows.patch
  # Workaround patch for missing Python3 transition of the old
  # (pre-USB-storage) photo memory card support (pcardext) - Debian patch
  patch -Np1 -i "${srcdir}"/python3.diff

More information about the arch-commits mailing list